The central ingredient of Web 2.0 web applications is Ajax. There is not security weakness in Ajax itself, but adaptation of this technology has changed the Web application development approach.
aSSL, or Ajax Secure Service Layer, is an open source library designed to substitute the need for Secure Socket Layer (SSL) in Ajax web-applications. In a nutshell, aSSL enables the browser to negotiate a secret random 128-bit key with the server using the RSA algorithm. Once a connection is established, the transmitted data will be encrypted using the AES encryption algorithm.
The aSSL library lets web developers to send data safely over the Internet when SSL is not available, or not needed. aSSL is designed for Ajax developers and includes both client and server-side code. aSSL should be be used in non-critical web applications such as chats, blogs and so on.
Contact
Have a hot hack? want to request a hack? let us know - editor [at] security-hacks.com
subscribe
Search
Latest Entries
- msramdmp: Dump RAM from a USB stick
- SWFIntruder: Are your Flash applications secure?
- Untidy: Python-based XML fuzzer
- Jailbreaking iPhone software v1.1.1
- Secure browsing with Squid and SSH
- Combat spam with Gmail aliases
- 5 Essential laptop security tips
- Email encryption with GPG and Mail.app
- Firefox: Disable suspicious JavaScript features
- aSSL: Add SSL to your Ajax application
Archives
